SQL Injection Vulnerability in Wikimedia Foundation MediaWiki Cargo Extension
CVE-2026-14363

6.9 MEDIUM

What is CVE-2026-14363?

The Wikimedia Foundation's MediaWiki Cargo Extension improperly neutralizes special elements used in SQL commands, which makes SQL injection possible. An attacker can exploit this weakness to manipulate database queries, which may reveal sensitive information or alter database contents. If you are running a version prior to 1.43.9, 1.44.6, or 1.45.4, patch your systems to mitigate the risk from this vulnerability.

Affected Version(s)

MediaWiki - Cargo Extension: versions before 1.43.9, 1.44.6, 1.45.4

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

GICodeWarrior
Yaron_Koren